Product Brief 


Nortel Networks 

Contivity 400 VPN switch 

for small offices and branch offices 


Service providers and enterprises have been quick 
to see the merits of IP (Internet Protocol) VPN (Virtual 
Private Network) services to connect multi-location 
enterprises and supply chains. 

Nortel Networks has led the customer-premises IP VPN 
market with a family of Contivity* systems that support 
up to 5000 simultaneous tunnels. Now the power of 
Contivity VPN Switches can be cost-effectively extended 
to connect small offices and home offices. 

Announcing the cost-efficient Contivity 400 VPN switch, 
the ideal solution for setting up secure, encrypted 
tunnels—for incorporating small satellite offices and 
teleworkers into a secure corporate network. 


The Contivity family adds a new 
member to its product lineup: the 
Contivity 400. This is the ideal Contivity 
VPN Switch for small enterprises with 
multiple branch offices. 

With support for encrypted, secure branch 
tunnels, the Contivity 400 is perfect for 
connecting small offices to headquarters 
and branch locations that use Contivity 
600, 1600, 2600, or 4500 models. 

Small businesses can now connect their 
headquarters with multiple branch offices, 
using secure, encrypted IPsec tunneling over 
the Internet. Due to its affordability, the 
Contivity 400 is the ideal choice for small 
headquarters offices, or for branches that 
require connectivity to several other branches. 


The Contivity 400 offers a complete 
set of site-to-site IP VPN features— 
including secure access to the Internet 
(and branch offices) through tunneling, 
firewall protection, authentication 
features, and encryption of data. 

In addition, the Contivity 400 is ideal 
for enterprises that want instant, secure 
access to the Internet. 

Branch-to-branch VPNs are taking 
off in popularity, yet enterprises may 
have difficulty cost-justifying high-end 
VPN devices at their smaller locations. 
Similarly, a growing number of enterprises 
have seen value in bringing outside 
organizations—such as suppliers, 
distributors, and retail outlets—into 
their communication networks, but must 
look closely at the business case for 
multiple small sites, such as retail outlets. 

That’s where the Contivity 400 comes in. 
As a standalone system, it’s the low-cost 
answer for these small intranet and 
extranet sites. 


What makes the Contivity 
400 exceptional? 

Low-cost, secure tunneling 

The Contivity 400 supports IPsec 
branch tunnels—the data stream of 
each tunnel is wrapped within the 
format of the IPsec protocol, thereby 
enabling corporate communications to 
traverse securely on the public Internet. 

WAN support 

The Contivity 400 has multiple 
interfaces—dual analog/ISDN, and 
T1/E1/V.35/X.21—with backup 
ISDN support. In addition, it provides 
comprehensive leased-line and Internet 
support (such as point-to-point 
connections between two offices) 
through PPP and frame relay. 

Protection from hackers 

The Contivity 400 supports firewalling 
by proxy. This is a technique by which 
a server funnels all user requests to and 
from the Internet. By not opening 
a straight path between two networks, 
firewalling by proxy is designed to 
prevent a hacker from obtaining 
internal addresses and details of the 
private network and its users. 

Assurances for data integrity 

The Contivity 400 accepts incoming 
traffic and sends outgoing traffic through 
authenticated, tunneled connections. 

Data integrity is provided through SHA-1 
(secure hash algorithm-1) or MD5 
(message digest 5)—algorithms that create 
digital signatures. Contivity 400 users can 
choose the authentication method best 
suited to their application requirements. 
Furthermore, session initiation, 
management, and update functions 
for the Contivity 400 are protected by 
PAP (password authentication protocol) 
and CHAP (challenge handshake 
authentication protocol) security. 

Both methods involve accessing a table 
of user IDs and passwords on a server 
to verify users when they log in. CHAP 
provides increased security by encrypting 
user IDs and passwords before transmitting 
them to the verification server. 
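
The PAP and CHAP logins named above, side by side, as an added example that is not from the Nortel brief or from Contivity software. It follows the public PPP specifications (PAP in RFC 1334, CHAP in RFC 1994, where the response is an MD5 digest over identifier, shared secret and challenge); the user name, secret and function names are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed stand-in for the server-side table of user IDs and
# passwords described above (name and secret are made up).
USER_TABLE = {"branch-office-1": b"constructed-shared-secret"}


def pap_request(user: str, password: bytes) -> dict:
    """PAP (RFC 1334): the peer sends the user ID and password as-is."""
    return {"user": user, "password": password}


def pap_verify(msg: dict) -> bool:
    expected = USER_TABLE.get(msg["user"])
    return expected is not None and hmac.compare_digest(expected, msg["password"])


def chap_challenge() -> dict:
    """The authenticator picks a one-octet identifier and a random value."""
    return {"id": os.urandom(1)[0], "value": os.urandom(16)}


def chap_digest(ident: int, secret: bytes, value: bytes) -> bytes:
    """RFC 1994 response value: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + secret + value).digest()


def chap_response(user: str, secret: bytes, challenge: dict) -> dict:
    digest = chap_digest(challenge["id"], secret, challenge["value"])
    return {"user": user, "id": challenge["id"], "value": digest}


def chap_verify(resp: dict, challenge: dict) -> bool:
    secret = USER_TABLE.get(resp["user"])
    if secret is None or resp["id"] != challenge["id"]:
        return False
    expected = chap_digest(challenge["id"], secret, challenge["value"])
    return hmac.compare_digest(expected, resp["value"])


def replay_is_rejected() -> bool:
    """A captured response does not verify against a later challenge."""
    first = chap_challenge()
    captured = chap_response("branch-office-1", USER_TABLE["branch-office-1"], first)
    second = chap_challenge()
    second["id"] = (first["id"] + 1) % 256  # identifier changes per challenge
    return not chap_verify(dict(captured, id=second["id"]), second)
```

The PAP message carries the password itself, while the CHAP response carries only a digest that is bound to one challenge.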
Serving the price-sensitive, small office, branch 
office segment of the site-to-site IP VPN business 
market—to provide connectivity to headquarters 
offices and other branch locations that have 
larger Contivity VPN Switches 

extend the performance and security of Contivity VPNs to 
sites that require up to 30 tunnels 


Advanced encryption to 
protect data traffic privacy 

All Contivity 400 connections are 
encrypted for privacy using both DES 
(data encryption standard) and triple 
DES (3DES) with pre-shared keys. 

DES is an efficient method that uses a 
56-bit encryption key. 3DES provides 
considerably more security by using 
multiple keys to encrypt, decrypt, and 
encrypt again. 3DES offers an effective 
encryption strength of 112 bits, even 
when a “meet-in-the-middle” attack 
is used against it. Users can pick the 
security method that best suits their 
application requirements. 

Flexible deployment options 

Each Contivity 400 model comes 
with two dedicated 10/100 Ethernet 
ports, along with a seven-port 10/100 
Ethernet switch for office devices, 
plus a range of LAN/WAN interface 
options, including: 

• T1 (with CSU/DSU)/E1/V.35/X.21 
with ISDN backup 

• V.90 dual analog modems 

• ISDN (with and without NT1 
network termination) 

Using standards-compliant IPsec 
tunneling, the Contivity 400 is 
interoperable with other Contivity 
VPN Switches and BayRS routers. 


Scaled and priced for the 
smallest applications 

Designed for small offices and branch 
offices, the Contivity 400 is ideal for 
sites that require up to 30 branch tunnels. 
In a fully meshed configuration, there 
can be a mix of different Contivity 
models. A Contivity 400 switch at a 
branch will typically connect to a larger 
Contivity switch at headquarters. 

Easy installation and 
automated LAN adaptation 

Users can begin accessing the Internet 
immediately without changing 
workstation settings or changing 
the network configuration in any way. 
Existing subnetted intranets do not 
need to be changed or disrupted. 
Automatic detection of DHCP on the 
WAN side enables quick, configuration-free 
installation. Auto-DHCP avoids 
conflicts with existing DHCP servers 
during installation. 

Integrated management 

Remotely manage your Contivity 400 
systems via an advanced, Web-based 
graphical user interface or CLI 
(command line interface) via Telnet. 

All management functions and 
firmware updates can be performed 
over the Internet with password 
protection for security. 


The industry-leading 
Contivity family 

The Contivity 400 VPN switch is the 
newest entry in a complete product 
family that includes models scaled to 
suit applications from home offices 
to large corporate headquarters: 

• The Contivity 4500, the premium 
offering in the Contivity family, 
provides secure, efficient VPN 
connectivity for up to 5000 tunnels. 

• The Contivity 2600 provides full-featured 
performance and security 
for locations that require up to 
1000 tunnels. 

• The Contivity 1600 offers unusually 
flexible solutions for office centers, 
campuses, or branch offices needing 
up to 200 tunnels. 

• The Contivity 600 gives small 
branch offices/small enterprises the 
flexibility of up to 30 simultaneous 
VPN tunnels in both remote access 
and branch office settings. 

• The cost-effective Contivity 400 is 
targeted for branch offices requiring 
up to 30 branch tunnels. 

• The economical Contivity 100 
provides basic branch connectivity 
for small offices and home offices 
requiring a limited number of 
branch tunnels. 

This robust and easily managed 
technology has made Nortel Networks 
the global leader to service providers in 
the VPN gateway market, according to 
a 1Q2001 market analysis report from 
Synergy Research Group. 


Technical specifications 


Contivity 400 


Up to 30 tunnels 

Components 

• Memory: 

- 64 MB RAM 

- 8 MB Flash memory 

• Interfaces: 

- Two 10/100 Ethernet LAN ports 

- 7-port 10/100 Ethernet auto-sensing switch 

- T1 (with CSU/DSU)/E1/V.35/X.21 with ISDN 
link backup 

- V.90 dual analog modems 

- ISDN (with and without NT1 network termination) 

- 1 PCI slot 

• Contivity 400 software: 

- CD and on-line HTML documentation 

- Built-in web-cache for fast internal access 

VPN capabilities 

• Tunneling: IPsec 

• Routing protocols: RIP v1, RIP v2, static 

• Encryption: DES, 3DES 

• Authentication: SHA-1 and MD-5 for digital signatures; 
PAP and CHAP for user logins 

• Management: HTML-based user interface, command 
line interface (CLI) via Telnet 

• Security: Stateful inspection in NAT, five-proxy firewall 

Physical 

Length: 17 in (43.2 cm) 

Width: 13.3 in (39.4 cm) 

Height: 3.5 in (8.9 cm) 

Weight: 13.2 lb (6.0 kg) 

Electrical: internal 85W, 100–240 VAC 


In summary, if you're looking to provide robust, 
secure VPN services for small offices and branch 
offices—either for your own enterprise or to offer 
as a managed service—count on the Contivity 400 
VPN switch, working with other members of the 
proven Contivity family. 



Operating Environment 

• Temperature: 32–104°F (0°–40°C) 

• Relative humidity: 8–80% noncondensing 

• BTU: 290 BTU/hour @ 240 VAC 


In the United States: 

Nortel Networks 
35 Davis Drive 
Research Triangle Park, 
North Carolina 27709 
USA 


In Canada: 

Nortel Networks 
8200 Dixie Road 
Suite 100 

Brampton, Ontario L6T 5P6 
Canada 


For more information, contact your Nortel Networks representative, or 
call 1-800-4 NORTEL or 1-800-466-7835 from anywhere in North America. 

http://www.nortelnetworks.com 